For about a week, there has been a pop-up appearing every time I boot/reboot my computer. It reads:
C:\WINDOWS\Config\lsass.exe
Could not be found blah blah blah.
How can I get rid of it?
Pop Up Problem
Started by
kill_hXc
, Oct 27 2007 04:38 PM
#1
Posted 27 October 2007 - 04:38 PM
kill_hXc
-
- Member
-
- 103 posts
Member
For about a week, there has been a pop-up appearing every time I boot/reboot my computer. It reads:
C:\WINDOWS\Config\lsass.exe
Could not be found blah blah blah.
How can I get rid of it?
#2
Posted 27 October 2007 - 06:59 PM
SRX660
-
- Technician
-
- 4,345 posts
motto - Just get-er-done
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. More info
Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm! If there is a lsass.exe in any other folder it is probably the sasser worm.
Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation
How do you tell if you have a sasser worm attack?
Look here
http://ask-leo.com/w...do_if_i_am.html
SRX660
Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm! If there is a lsass.exe in any other folder it is probably the sasser worm.
Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation
How do you tell if you have a sasser worm attack?
Look here
http://ask-leo.com/w...do_if_i_am.html
SRX660
#3
Posted 28 October 2007 - 05:39 AM
kill_hXc
- Topic Starter
-
- Member
-
- 103 posts
Member
Thanks for that. Having trouble actually finding anything which helps me though...! I was really just looking for a series of instructions telling me what to do.
I have Deep Scanned my PC with a fully updated BitDefender Anti-Virus program (which has all the firewall, live protection etc.) and also scanned with SpyBot Search and Destroy (fully updated version).
It can't find it...
I have Deep Scanned my PC with a fully updated BitDefender Anti-Virus program (which has all the firewall, live protection etc.) and also scanned with SpyBot Search and Destroy (fully updated version).
It can't find it...
#4
Posted 28 October 2007 - 06:16 AM
SRX660
-
- Technician
-
- 4,345 posts
motto - Just get-er-done
If the file was in correct directory, it is probably the legitimate lsass.exe and you need to replace it. You can copy the Lsass.exe file from your back up media into the C:\Windows\System32\ folder.
The backup copy of Lsass.exe can be found on your original Windows install disk in the folder F:\i386\lsass.ex_ (I'm guessing that "F:" is the identification of your CDROM drive. If not, use "E:" or similar as required).
Because the backup copy is compressed, you need to copy the .ex_ file into your System32 folder, then rename it from ".ex_" to ".exe".
You might end up needing to go into the Recovery Console to do this: Wown.com has some very useful details on using Recovery Console as needed.
http://www.windowsne...s/wxprcons.html
If the COPY command doesn't do the trick, try using EXTRACT instead.
I hope this helps you restore your system without having to reinstall Windows.
There is also a fix suggested on this forum website that may help you.
http://www.techspot....sexe-error.html
SRX660
The backup copy of Lsass.exe can be found on your original Windows install disk in the folder F:\i386\lsass.ex_ (I'm guessing that "F:" is the identification of your CDROM drive. If not, use "E:" or similar as required).
Because the backup copy is compressed, you need to copy the .ex_ file into your System32 folder, then rename it from ".ex_" to ".exe".
You might end up needing to go into the Recovery Console to do this: Wown.com has some very useful details on using Recovery Console as needed.
http://www.windowsne...s/wxprcons.html
If the COPY command doesn't do the trick, try using EXTRACT instead.
I hope this helps you restore your system without having to reinstall Windows.
There is also a fix suggested on this forum website that may help you.
http://www.techspot....sexe-error.html
SRX660
#5
Posted 01 November 2007 - 01:51 PM
anzenketh
-
- Technician
-
- 2,854 posts
BSOD Warrior/Computer Surgeon
I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.
If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).
If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
